Parental and corporate controls for camera-phones

ABSTRACT

A system and method of the present invention provide parental and corporate control for a camera-phone. An administration authority web site is provided that enables an owner of a camera-phone to log into a server and establish a set of control policies that specify what actions on the phone are authorized for what user. The control policies that affect behavior of the camera-phone are downloaded to the camera-phone, and the camera-phone is then operated such that a user of the camera-phone is only able to perform actions authorized by the control policies. In a further embodiment, a control policy is provided that requires the camera-phone to upload captured images to the server for review by the camera-phone owner. In addition, the images may be quarantined until the camera-phone owner authorizes their release to the user.

FIELD OF THE INVENTION

The present invention relates to camera-phones, and more particularly toa method and system for providing parental and corporate controls forcamera-phones.

BACKGROUND OF THE INVENTION

Cellular telephones equipped with cameras, camera-phones, are inwidespread use today. Telephones (camera or otherwise) are designed tohelp their users. Thus, a design assumption is that the user can befully trusted and is given full authority over the phone.

However, in many cases, the role of the phone user is different from therole of the phone owner or responsible party. Often the phones are givenby an owner or more generally, any party that is responsible for thegiven phone, to some end user. For example, a parent may give a phone toa teenager, and a corporate or government manager may assign a phone tohis or her employee. Sometimes camera-phones are misused or used inmanners that are illegal, improper, or potentially embarrassing to theresponsible party. Media attention has focused on cheating in exams andtaking inappropriate pictures of other people. There could be a questionof legal or financial liability for the responsible party. For example,a suburban family may be sued if their child is caught distributing theneighbor's pictures, or an insurance company could be sued andembarrassed if one of its adjusters is misusing his camera.

Although parental controls for TV and Internet sites exist forcontrolling access to content, there are no known specific techniques tomanage the image content of a camera-phone. TV parental controls work byblocking television programming based upon its rating or by blockingcertain channels. Internet controls work by blocking access to certainweb content by restricting access to certain Internet sites. This isaccomplished by either matching the names of the sites with selected keywords or by looking up central registries (maintained by the productvendor or service provider) that have URLs for undesirable adult sites.Unfortunately, conventional parental control techniques cannot work forcamera-phones because the content or subject matter of the picturestaken by the camera cannot be known ahead of time.

Accordingly, a need exists for a method and system that providesparental and corporate content controls for camera-phones. The presentinvention addresses such a need.

BRIEF SUMMARY OF THE INVENTION

The present invention provides a method and system for providingparental control for a camera-phone. In a preferred embodiment, anadministration authority web site is provided that enables an owner of acamera-phone to log into a server and establish a set of controlpolicies that specify what actions on the phone are authorized. Thecontrol policies that affect behavior of the camera-phone are downloadedto the camera-phone, and the camera-phone is then operated such that auser of the camera-phone is only able to perform actions authorized bythe control policies. In a further embodiment, a control policy isprovided that requires the camera-phone to log the actions taken on thephone and to upload captured images to the server for review by thecamera-phone owner. In addition, the images may be quarantined until thecamera-phone owner authorizes their release to the user.

According to the method and system disclosed herein, the presentinvention provides for control of the camera-phone without restrictingthe content of the images captured by deterring misuse of the phonethrough logging and quarantining procedures. When end-users of thecamera-phone are made aware of the control policies, the logging andquarantine procedures act as a disincentive for the users takeinappropriate pictures and/or to distribute the pictures toinappropriate people.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a system for providing parentaland corporate controls for camera-phones.

FIG. 2 is a flow diagram illustrating the process performed by acontroller module for providing parental and corporate controls for thecamera-phone in accordance with a preferred embodiment of the presentinvention

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to providing parental and corporatecontrol of a camera-phone. The following description is presented toenable one of ordinary skill in the art to make and use the inventionand is provided in the context of a patent application and itsrequirements. Various modifications to the preferred embodiments and thegeneric principles and features described herein will be readilyapparent to those skilled in the art. Thus, the present invention is notintended to be limited to the embodiments shown, but is to be accordedthe widest scope consistent with the principles and features describedherein.

Preventing misuse of camera-phones is a critical challenge in theexpansion of this technology. Already there has been significant mediaattention on potential misuse. Parents and corporations in particularwould also face liability from the misuse of phones that they assign tochildren or employees. Under public pressure, there might berequirements imposed by governments and other establishments such asschools and clubs about the kinds of camera-phones that are allowed.According to the present invention, a method and system for providingparental and corporate controls for camera-phones is provided thatsignificantly reduces the potential for camera-phone misuse.

FIG. 1 is a block diagram illustrating a system for providing parentaland corporate controls for camera-phones. According to the presentinvention, an administration authority web site 10 is provided thatenables an owner 12 of a camera-phone 14 to establish a set of rules orcontrol policies 16 for controlling how the camera-phone 14 is used,such as requiring all images 18 captured by the phone 14 to be uploadedto a server 20 for review by the owner 12. In a preferred embodiment,the control policies 16 may further include restricting access to thecaptures images 18 by an end-user 22 of the camera-phone 14 untilauthorization is given by the owner 12. When the camera-phone 14 isgiven to the end-user 22, the end-user 22 is preferably made aware ofthe applicable restrictions so they can make informed decisions abouthow he or she might attempt to use the phone 14.

In one preferred embodiment, administration authority web site 10 isimplemented by a cellular-phone service to offer a “protected” or“control” phone service to buyers of its camera-phones 14. Thecamera-phone 14 includes standard hardware and software for implementingfunctions of a cellular-phone and camera, such as a transceiver 30, acamera system 32, a display screen 34, keypad 36, processor 38, memory40, and operating system 41. According to the present invention, thecamera-phone 14 is configured to download the control policies 16 set bythe camera owner 12, and is provided with controller module 42 that onlyallows a user of the camera-phone 14 to perform actions that areauthorized by the control policies 16, as explained further below.

In operation, the camera owner 12 logs on to the administrationauthority server 20 to set or update the camera-phone control policies16 via step 1. In a preferred embodiment, this is accomplished byauthenticating the camera-phone owner 12, such as with a userid andpassword, and displaying a web page showing all the camera-phones 14associated with the camera-phone owner's account. The owner 12 may thenchoose the camera-phone(s) to configure. The above steps assume that anaccount has been established for the owner 12 after the owner 12purchases the camera-phone 14 and the authentication web site 20 isprovided with some unique identification of the camera-phone 14 (e.g.serial number). Each camera-phone 14 is associated with the camera-phoneowner's account and may have its own control policies page that enablesthe camera-phone owner 12 to select what actions are allowed on thecamera-phone 14 and/or what actions are restricted. In an alternativeembodiment, the camera owner 12 may have subaccounts to which a group ofcamera-phones 14 or members of a group are associated. This allows thecontrol policies 16 to be customized by subaccount or group. Inaddition, the control policies 16 may be configured such that policyenforcement is determined by parameters such as camera-phone 14location, date and time of day, the particular end-user 22, and so on.

In a preferred embodiment, the control policies 16 include settings forcamera-phone action authorization/restriction, password authentication,logging policies, and quarantine policies. Each type of control policyis explained below.

Camera-Phone Action Authorization/Restriction. The control policies 16include settings for authorizing or restricting actions/functions of thecamera-phone 14. Examples of actions settings include allowing ordisallowing the phone to take pictures altogether, restricting where orto whom the captured images may be sent, and so on. For example, aparent may forbid the use of the camera on the phone 14 when the phoneis loaned to a teenager.

Password Authentication. Passwords are a common idea for computers andphones, however, according to the present invention, the controlpolicies 16 may be configured to associate different password todifferent tasks, which are controlled remotely by the camera-phone owner12 through the administration authority 10. Thus, the camera-phone owner12 can enforce different policies, such as allowing no more than threepictures to be taken before the pictures are uploaded to the server 20for review by the camera 12. The controller module 42 is responsible forkeeping track of how many times pictures were taken in a session. When aphone is shared within a family or within a corporate group, and itsusers assigned his or her own password, the controller module 42 canrecord which user took the pictures, and some users may be allowed totake pictures when others are not.

Logging policies. Logging policies instruct the controller module 42 tolog the actions taken on the camera-phone 14 and to periodically uploadthe log to the server 20 when access is available to the administrativeauthority 20. Logging policies may or may not include the options ofalso uploading captured images 18 to the server 20. Logging actions inthis manner is a more hands off approach to managing the misuse of thedevices than password protection. Logging allows certain actions to beperformed on the given device (otherwise, the device might as well nothave the given capability). However, by logging the actions securely, itacts as a deterrent to potential misuses, because any violations theymake can be detected later. According to a further aspect of the presentinvention, logging is used not merely as an audit trail, but as aprerequisite for certain actions on the camera-phone 14. In other words,a user cannot work around the restriction by preventing the phone fromgoing online, but taking pictures with it while it is offline—this wouldprevent the log from becoming complete. According to the presentinvention, the camera-phone owner 12 may specify in the control policies16 that certain actions on the camera-phone 14 cannot be performed untilthe logging step is completed and acknowledged by the server 20. Forexample, a logging policy may specify that the end-user 22 cannot viewor share the pictures he took until the images are logged with theserver 20. In this manner, the camera-phone 14 can be used to takepictures even when it is off-line, but the pictures cannot be retrievedfrom it until the logging has been performed and acknowledged. Inaddition, well-known encryption-based methods can be employed in thecamera-phone to store the pictures locally but not release them to theend user 22 until the logging succeeds.

Quarantine policies. Quarantine policies are similar to logging policiesexcept that quarantine policies specify that all images 18 captured bythe camera-phone 14 must be uploaded to the server 20, and that theimages 18 must be approved by the camera owner or other designatedauthority before they are released for use. In this approach, images 18remain in quarantine until the owner 12 or authority releases the images18. This approach falls in between forbidding and merely loggingactions. Quarantine policies require a human to review the images 18 onthe remote server 20 to ensure that the pictures being viewed and sharedare legitimate. This step clearly provides the best defense againstmisuse, because the images 18 cannot be distributed until they areapproved by someone with the authority to do so. However, this step canbe potentially time-consuming, especially if a person is responsible formanaging several camera-phones. However, methods may be employed toimprove the productivity of the reviewer(s). Specifically, the images 18can be reviewed in batch, rather than one at a time. For example,pictures taken by a teenager could be reviewed every day by a parent (orupon request from the teenager); pictures taken by a corporate employeecould be reviewed when the bundle they form is complete. For instance,when an insurance agent files his report for a claim, all pictures thathe took related to that claim could be reviewed as part of the naturalbusiness workflow. Notice that the quarantine method changes thebehavior of the users who might otherwise take inappropriate pictures.It acts as a disincentive for users to take such pictures; thus when thequarantine method is employed, almost all pictures will be appropriate.Consequently, the task of the reviewer will mostly be quite simple—justquickly review and accept the pictures. The interface for reviewingquarantined (or otherwise logged) pictures could be based on a web siteor through email.

Referring still to FIG. 1, after the camera-phone 14 is given to theend-user 22 and the end-user 22 begins using the camera-phone 14, thecamera-phone 14 connects to the server 20 through the controller module42, and the controller module 42 periodically transmits a policy requestto the server 20 via step 2. In response, the server 20 downloads thecontrol policies 16 to the camera-phone 14 via step 3. In a preferredembodiment, the control policies specify authorized and/or restrictedactions, which actions, if any, require a password, and the requiredpasswords. In an alternative embodiment, rather downloading all of thecontrol policies 16 to the camera-phone 14, only a portion of thecontrol policies 16 that affect the behavior of the camera-phone 14 aredownloaded to the camera-phone 14. In this embodiment, only thenecessary control polices for the camera-phone would be downloaded,while the other control policies 16 would be enforced on the server 20.

As the end-user 22 uses the phone 14, various actions on the phone 14are taken, which may include the capture of images 18. When the userinstructs the phone 14 to perform an action, the controller module 42checks whether the requested action is authorized by the controlpolicies 16, and if so the action is performed by the camera-phone 14.If any passwords are required, the controller module 42 prompts the userfor the password. If the requested action is not authorized or thepassword fails, the controller module 14 denies the phone's request toperform the action and notifies the end-user 22 either audibly or via aprompt on the display screen 34.

If the control policies 16 include a logging policy, the camera-phone 14periodically uploads a log of the actions and optionally the capturedimages to the server 20 via step 4 for the purpose of allowing thecamera owner 12 or designated authority to review the activities andpictures taken by the end-user of camera-phone 14. In a preferredembodiment, the log and images are stored in a database 44 andassociated with the camera owner's account 12. In step 5, the cameraowner 12 accesses the server 20, logs into his or her account, and viewsthe logs and/or pictures in the database 44 that were uploaded by thecamera-phone 14. If the control policies 16 include a quarantine policy,then the camera owner 12 authorizes or denies the end-user 22 access oruse of the images 18 via step 6. The camera owner's 12 response is sentto the camera phone via step 7.

In the case of a quarantine policy, the camera-phone 14 can be used fortaking pictures in a disconnected mode, but the images 18 must beuploaded to the server 20 before they can be used. And the images 18 maybe quarantined either on the camera-phone 14 or on the administrationauthority web site 10 until the owner 12 authorizes use of the images16.

Note, the camera-phone owner 12 may set/update the control policies 16on the server 20 either before, during, or after the end-user 22 isprovided with the camera-phone 14. Because the controller module 42 onthe phone 14 checks with the web site 20, the camera-phone owner 12 canmodify the behavior of the phone as desired, e.g., by turning off theability to take pictures (or email pictures) even when the camera-phoneis not physically in the possession of the owner 12. This enables thecamera-phone owner 12 to set restrictions on the camera-phone 14dynamically and in response to how the end-user 22 is utilizing thecamera-phone 14. Thus, privileges on the camera-phone 14 can be awardedand withdrawn by the camera-phone owner 12 as needed.

FIG. 2 is a flow diagram illustrating the process for providing parentaland corporate controls for the camera-phone 14 performed by thecontroller module 42 in accordance with a preferred embodiment of thepresent invention. The process begins in step 100 when an action isattempted by the end-user 22 during operation of the camera-phone 14. Instep 102, the controller module 42 determines if the control policies 16are sufficiently recent. In one embodiment, a parameter in the controlpolicies 16 may control how often the controller module 42 requests thecontrol policies 16 from the server 20. Alternatively, the server 20 maybe configured to automatically push the control policies 16 to thecamera-phone 14 whenever an update is available and the camera-phone 14is online.

If the control policies are not sufficiently recent, then in step 104the controller module 42 requests and downloads the control policies 16from the server 20. If the control policies 16 are not updated after thedownload in step 106, then the controller module 42 notifies the user ofthe error in step 108. If the control policies 16 update correctly, thenthe controller module 42 in step 110 determines if the control policies16 allow the action attempted by the end-user 22. If the controlpolicies 16 do not authorized the action, then the step 112 thecontroller module 42 prevents the camera-phone 14 from performing theaction and notifies the user 22. If the control policies 16 authorizethe action, the camera-phone 14 performs the action (e.g. capture image)in step 124.

In step 126, the controller module 42 determines if the control policies16 include a logging policy. If not, in step 128 the controller module42 releases the image for further action. If there is a logging policy,in step 130 the controller module 42 logs the action taken by thecamera-phone 14 and uploads the log to the server 20. Besides theaction, the log may also include the time the action was taken, and thesettings of the camera-phone 14 at the time. In addition, the log mayalso include the captured image if the control policies 16 require thatcaptured images 18 be uploaded as part of the log.

In step 132, the control module 42 determines if the confirmation wasreceived from the server 20. If not, in step 134 the controller module42 retries logging at specified intervals. Until confirmation isreceived, the control policies may specify a set of restricted actions.Once confirmation is received, the controller module 42 determines ifthe control policies 16 include a quarantine policy in step 136. If not,then in step 138 the controller module 42 releases the captured imagefor further action. If there is a quarantine policy, then in step 140,the controller module 42 restricts access to the image until a decisionfrom the camera-phone owner 12 is received. If the decision receivedfrom the camera-phone owner does not authorize the image in step 142,then in step 144 the control module 42 notifies the user. If thedecision received from the camera-phone owner 12 does authorize theimage, then in step 146 the controller module 42 releases the image.

A method and system for providing parental and corporate control forcamera-phone has been disclosed. The present invention has beendescribed in accordance with the embodiments shown, and one of ordinaryskill in the art will readily recognize that there could be variationsto the embodiments, and any variations would be within the spirit andscope of the present invention. For example, the term camera-phoneincludes any portable device having wireless communication and theability to capture digital images, such as digital still and videocameras, and PDA's, for instance. And rather than uploading one loggedaction and/or image at a time to the server 20, as shown in FIG. 3, thecontroller module 42 can be configured to upload logged actions andcaptured images 18 in batch (e.g., uploading images that were capturedwhile the camera-phone was off-line when the camera-phone becomesonline). In addition, although the preferred embodiment of the presentinvention has been described in terms of a camera-phone owner 12, theterm camera-phone owner is intended to include the camera-phone owner'srepresentatives and designated authorities. Accordingly, manymodifications may be made by one of ordinary skill in the art withoutdeparting from the spirit and scope of the appended claims.

1. A method for providing parental control for a camera-phone,comprising enabling a camera-phone owner to set control policies for thecamera-phone at a server that specify what actions are authorized;downloading the control policies that affect behavior of thecamera-phone to the camera-phone; and operating the camera-phone suchthat a user of the camera-phone is only able to perform actionsauthorized by the control policies.
 2. The method of claim 1 furtherincluding: providing a control policy that requires the camera-phone toupload captured images to the server for review by the camera-phoneowner.
 3. The method of claim 2 further including: providing a controlpolicy that quarantines the upload images on the server until thecamera-phone owner authorizes release of the images to the user.
 4. Themethod of claim 1 further including: providing a control policy thatrequires the camera-phone to upload a log of the actions taken on thecamera-phone.
 5. The method of claim 3 further including: uploadingimages captured by the camera-phone with the log to the server formonitoring by the camera-phone owner.
 6. The method of claim 3 furtherincluding: providing a control policy that requires the server toacknowledge receipt of the log as a prerequisite to performing furtheractions.
 7. The method of claim 1 further including: restricting accessto images captured by the camera-phone while the camera-phone isoff-line.
 8. The method of claim 1 further including: providing acontrol policy that requires a user password to operate the camera. 9.The method of claim 8 further including: providing a control policy thatrequires different passwords to perform different actions on thecamera-phone.
 10. The method of claim 1 further including: enabling thecamera-phone owner to set the control policies by accessing the serveron an administrative control web site.
 11. The method of claim 10further including: enabling the camera-phone owner to review the imagesuploaded to the server and to authorize or deny authorization for theuser to access to the images from the administrative control web site.12. A computer-readable medium containing program instructions forproviding parental control for a camera-phone, the program instructionsfor: enabling a camera-phone owner to set control policies for thecamera-phone at a server that specify what actions are authorized;downloading the control policies that affect behavior of thecamera-phone to the camera-phone; and operating the camera-phone suchthat a user of the camera-phone is only able to perform actionsauthorized by the control policies.
 13. The computer-readable medium ofclaim 12 further including program instructions for: providing a controlpolicy that requires the camera-phone to upload captured images to theserver for review by the camera-phone owner.
 14. The computer-readablemedium of claim 13 further including program instructions for: providinga control policy that quarantines the upload images on the server untilthe camera-phone owner authorizes a release of the images to the user.15. The computer-readable medium of claim 12 further including programinstructions for: providing a control policy that requires thecamera-phone to upload a log of the actions taken on the camera-phone.16. The computer-readable medium of claim 15 further including programinstructions for: uploading images captured by the camera-phone with thelog to the server for monitoring by the camera-phone owner.
 17. Thecomputer-readable medium of claim 15 further including programinstructions for: providing a control policy that requires the server toacknowledge receipt of the log as a prerequisite to performing furtheractions.
 18. The computer-readable medium of claim 12 further includingprogram instructions for: restricting access to images captured by thecamera-phone while the camera-phone is off-line.
 19. Thecomputer-readable medium of claim 12 further including programinstructions for: providing a control policy that requires a userpassword to operate the camera.
 20. The computer-readable medium ofclaim 19 further including program instructions for: providing a controlpolicy that requires different passwords to perform different actions onthe camera-phone.
 21. The computer-readable medium of claim 12 furtherincluding program instructions for: enabling the camera-phone owner toset the control policies by accessing the server on an administrativecontrol web site.
 22. The computer-readable medium of claim 21 furtherincluding program instructions for: enabling the camera-phone owner toreview the images uploaded to the server and to authorize or denyauthorization for the user to access to the images from theadministrative control web site.
 23. A system for providing parentalcontrol for a camera-phone, comprising means for enabling a camera-phoneowner to set control policies for the camera-phone at a server thatspecify what actions are authorized; means for downloading the controlpolicies that affect behavior of the camera-phone to the camera-phone;and means for operating the camera-phone such that a user of thecamera-phone is only able to perform actions authorized by the controlpolicies.
 24. The system of claim 23 wherein the control policiesinclude a control policy that requires the camera-phone to uploadcaptured images to the server for review by the camera-phone owner. 25.The system of claim 24 wherein the control policies include a controlpolicy that quarantines the upload images on the server until thecamera-phone owner authorizes a release of the images to the user. 26.The system of claim 23 wherein the control policies include a controlpolicy that requires the camera-phone to upload a log of the actionstaken on the camera-phone.
 27. The system of claim 26 wherein thecontrol policy requires that images captured by the camera-phone theuploaded to the server with the log for monitoring by the camera-phoneowner.
 28. The system of claim 27 wherein the control policies include acontrol policy that requires the server to acknowledge receipt of thelog as a prerequisite to performing further actions.
 29. The system ofclaim 23 wherein the control policies restrict access to images capturedby the camera-phone while the camera-phone is off-line.
 30. The systemof claim 23 wherein the control policies include a control policy thatrequires a user password to operate the camera.
 31. The system of claim30 wherein the control policies include a control policy that requiresdifferent passwords to perform different actions on the camera-phone.32. The system of claim 23 wherein the camera-phone owner sets thecontrol policies by accessing the server on an administrative controlweb site.
 33. The system of claim 32 wherein the camera-phone owneraccesses the web site to review the images uploaded to the server and toauthorize or deny authorization for the user to access to the imagesfrom the administrative control web site.
 34. A method for providingparental control for a camera-phone, comprising enabling a camera-phoneowner to set control policies for the camera-phone at a server thatspecify what actions are authorized; downloading the control policiesthat affect behavior of the camera-phone to the camera-phone; onlyallowing a user of the camera-phone to perform actions authorized by thecontrol policies; in response to a user capturing an image with thecamera-phone, uploading a log of the actions and the image to the serverfor review by the camera-phone owner; and only releasing the images tothe user if the camera-phone owner authorizes the release.